Software Reverse Engineering - BuLLet/TOL's CrackMe v1.75
Hardcoded Registration Keys
Author: Volatility

Please Read The Disclaimer Before Continuing.


Target: BuLLet/TOL's CrackMe v1.75 - (tolv175.zip) - 9,653 bytes
Location: http://members.xoom.com/Ryanosis/tolv175.zip
Protection(s): Serial Number
Tools Needed: NuMega Soft-Ice (Any Version), Hedit (Or Any Hex Editor)
Level: (X) Beginner ( ) Intermediate ( ) Advanced ( ) Expert


Prepare To Crack:

This essay shows you two methods of finding the correct serial number for this little prog.  The second method is so simple that it doesn't warrant an essay, so I'll show you another method for knowledge purposes.


Method One

Upon trying to disassemble this program, or running QuickView on it, we can see that it is written in Visual Basic 5.0, so we know that our favorite functions (GetWindowTextA and GetDlgItemTextA) won't work.  We'll give the HmemCpy function a shot.

Run the program (brk175.exe), and you'll see one text box to enter a serial number, with the text "Enter your guess here :)".  Enter some dummy data into the box, and press Ctrl+D to enter Soft-Ice.  Set a breakpoint on HmemCpy (BPX HMEMCPY).  Now press Ctrl+D or X to exit back to the program.

Press the "Check It" button, and Soft-Ice will pop up.  Press F11 once to get out of the code, and you should be here:
 
177F:0B40  9A189E1701           CALL    KERNEL!HMEMCPY
177F:0B45  FF35                 PUSH    WORD PTR [DI]
177F:0B47  9AB0011F01           CALL    KERNEL!LOCALUNLOCK
177F:0B4C  8BC6                 MOV     AX,SI
177F:0B4E  5E                   POP     SI
177F:0B4F  5F                   POP     DI
177F:0B50  C9                   LEAVE
177F:0B51  C20A00               RET     000A

On the line above the command window, you'll see "USER(0A)".  This isn't where we want to be, so we need to step through the code using F10.  You'll need to step many times, all the way through "MSVBVM50!.text" until you see "BRK175!.text" on the line.

Now that we're where we need to be, we need to slowly step through the code until we find something that interests us.  You'll find this after a couple of steps here:
 
0137:004106E1  E8C609FFFF       CALL    004010AC
0137:004106E6  FF75E8           PUSH    DWORD PTR [EBP-18]
0137:004106E9  6850014100       PUSH    00410150             :interesting?
0137:004106EE  E8C509FFFF       CALL    004010B8
0137:004106F3  8BD8             MOV     EBX,EAX
0137:004106F5  8D4DE8           LEA     ECX,[EBP-18]
0137:004106F8  F7DB             NEG     EBX
0137:004106FA  1BDB             SBB     EBX,EBX

That PUSH referenced above looks like it could be interesting, so let's display it to see what it holds.  Display it by typing d 00410150.  Now you'll see the following in the data window:
 
2.h.a.r.d.4.u.2.
c.r.a.c.k.m.8...
.0.3.f.......`..
&...B.u.L._.L.e.
T.@.h.o.t.m.a.i.
l...c.o.m...2...
N.o.p.e... .T.h.
a.t.'.s. .n.o.t.

Hmm.. that looks kind of strange to us.  We didn't see that string or the author's e-mail address in the program.  Could this be the serial number?  Type bc * to clear your breakpoint, then press Ctrl+D or X to exit back to the program.

Let's enter the string "2hard4u2crackm8" into the text box.  Press the "Check It" button, and voila!  Cracked!  And there's the author's e-mail address.  Wasn't 2hard4us2crack now, was it?

Now that we found the above information, we realize that we could have cracked this program much easier... which leads us to...


Method Two

Since the serial number is hardcoded, all we have to do is open the program up in any hex editor and do a search.  If we enter the wrong number and press the "Check It" button, we'll see the string "Nope. That's not the one!" displayed.  So let's search for "Nope".

Since the strings are stored in "Wide Character Format" (each character is followed by a null byte, which the hex editor shows as a dot), we must search for "N.o.p.e" rather than "Nope".. once you find it, the serial number is right above!
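The same wide-character search, written as an added example (not code from the essay or the crackme) that a developer can run against their own build to check whether a registration secret sits in plaintext next to the failure message.  The sample bytes are constructed to mimic the data-window layout from Method One; the BSTR length prefix and the e-mail address are assumptions, not bytes taken from brk175.exe.

```python
import re

# Constructed sample blob, modelled on the Soft-Ice data-window dump:
# a UTF-16LE serial, a few filler bytes, a placeholder e-mail address and
# the failure message.  These are NOT bytes copied from brk175.exe.
SAMPLE = (
    b"\x1e\x00\x00\x00"                                   # assumed BSTR byte-length prefix
    + "2hard4u2crackm8".encode("utf-16-le") + b"\x00\x00"
    + b"\x03\xf0\x60\x26\x00\x00"                          # filler, not a printable run
    + "author@example.com".encode("utf-16-le") + b"\x00\x00"
    + b"\x32\x00\x00\x00"
    + "Nope. That's not the one!".encode("utf-16-le") + b"\x00\x00"
)

# A printable ASCII char stored as UTF-16LE is the byte 0x20-0x7E followed by 0x00,
# which is exactly the "N.o.p.e" pattern seen in the hex editor.  Require 4+ chars.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def extract_utf16le_strings(data: bytes):
    """Return (offset, text) for every run of printable ASCII stored as UTF-16LE."""
    return [(m.start(), m.group().decode("utf-16-le")) for m in UTF16_RUN.finditer(data)]


def strings_before_marker(data: bytes, marker: str, window: int = 3):
    """For each string containing `marker`, list the up-to-`window` strings
    stored just before it (oldest first).  Hardcoded keys tend to sit there."""
    runs = extract_utf16le_strings(data)
    hits = []
    for i, (_, text) in enumerate(runs):
        if marker in text:
            hits.append([t for _, t in runs[max(0, i - window):i]])
    return hits


if __name__ == "__main__":
    for off, s in extract_utf16le_strings(SAMPLE):
        print(f"{off:#06x}  {s}")
    print(strings_before_marker(SAMPLE, "Nope"))
```

Point it at a real file with `open(path, "rb").read()` in place of SAMPLE; any string the extractor lists beside the failure message is one a hex editor will find just as easily.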


*** Disclaimer ***
This Essay Is For Knowledge Purposes Only. Neither We, Our ISP, Nor Any Persons Mentioned Shall Be Held Liable For Any Damages Improper Usage May Cause To Your Machine.

If You Successfully Crack A Program, You Must Delete It Immediately. If You Want To Keep The Program, Please BUY It! Support Shareware, This Is Our Learning Tool!

It Is Illegal To Continue To Use Cracked/Patched Software.


Copyright © 1999 Volatility And The Immortal Descendants. All Rights Reserved.